Security processor and methods for registering access entitlements and cryptographic keys

ABSTRACT

This security method for scrambled multimedia signal decoder comprises at least one rewritable lock ( 62, 64 ), the value of which can be toggled at least between a first and a second value in response to an EMM message, and in which a registration module is able, in response to one and the same EMM registration message for writing new access entitlements or new cryptographic keys, to authorize and, alternatively, to prohibit this registration depending on the value of the lock.

This invention relates to a security processor and methods forregistering access entitlements and cryptographic keys.

In this description the terminology used is that in current use in thefield of scrambled multimedia signal transmission systems. For anintroduction to this terminology and scrambled multimedia signaltransmission systems the reader may consult the following article:

-   -   “A single conditional access system for satellite-cable and        terrestrial TV”, Francoise Coutrot, Vincent Michon, Centre        Commun d'Etudes de Télédiffusion et Télécommunication,        Cesson-Sévigné, France, IEEE Transactions on Consumer        Electronics, Vol. 35, No. 3, August 1989.

In particular the terms “ECM message”, “EMM message”, “accessentitlement” and “access conditions” are used in their normal meaning inthis technical field.

There are security processors having:

-   -   a decoding module capable of decoding the control word included        in an ECM message (Entitlement Control Message) so that        scrambled multimedia signals can be unscrambled,    -   a rewritable non-volatile memory containing access entitlements,    -   a comparator able to compare the access conditions present in        the ECM message received with the access entitlements placed in        memory and to prevent the unscrambling of multimedia signals if        the access entitlements do not correspond to the access        conditions received and to authorise unscrambling of scrambled        multimedia signals if the access entitlements stored in memory        correspond to the access conditions received,    -   a module for the registration of new access entitlements in the        rewritable non-volatile memory in response to the receipt of an        EMM message (Entitlement Management Message) for the        registration of new access entitlements.

These security processors typically take the form of smart cards.

For a given decoder there are security processors which operate indifferent ways. For example there are now security processors which aresaid to be “disposable”, that is they can be used to unscramblemultimedia signals for a fixed period Δt, and then after that period thesecurity processor is discarded because it can no longer be used tounscramble multimedia signals. Period Δt is defined by the accessentitlements placed in memory in the disposable security processor.

In order to prevent fraud, the access entitlements in a disposablesecurity processor must not be capable of being amended. For thispurpose, when the security processor is manufactured the module for theregistration of new access entitlements is permanently disabled. Forexample the program recorded in the disposable security processor's ROM(Read Only Memory) does not include such a registration module.

There are also security processors known as “standard” processors.Unlike disposable security processors these are provided with a modulefor the registration of new access entitlements. Through this module,access entitlements can be regularly updated. Such a standard securityprocessor is conventionally that used by a subscriber to an operatorbroadcasting scrambled multimedia signals. In order to achieve thisresult, when the standard security processor is being manufactured theprogram recorded in the security processor's ROM memory comprises afully operational registration module capable of processing EMM messagesfor the registration of new access entitlements.

Thus the process for the manufacture of standard security processors isnot strictly identical to that for disposable security processorsbecause different programs are recorded in the ROM memories of thevarious standard and disposable security processors.

This makes the manufacture of security processors more complex.

The disadvantage described above is also present in security processorsfitted with:

-   -   a decoding module capable of decoding the control word included        in an ECM message (Entitlement Control Message) so that        scrambled multimedia signals can be unscrambled,    -   a rewritable non-volatile memory containing cryptographic keys,    -   a coding and/or decoding module which is capable of coding or        decoding messages other than the ECM message received containing        the coded control word,    -   a module for the registration of new cryptographic keys in the        rewritable non-volatile memory in response to the receipt of an        EMM message (Entitlement Management Message) for the        registration of new cryptographic keys.

In fact, in one method of operation, here called “disposable” by analogywith the above, the registration of new cryptographic keys must beprevented, whereas in another method of operation, here called“standard” by analogy with the above, the registration of newcryptographic keys should be possible. As in the case of accessentitlements, the choice between these two methods of operation is madewhen the security processor is manufactured, by implementing either aprogramme provided with a module for the registration of newcryptographic keys or conversely a program which has no suchregistration module.

The invention aims to overcome this disadvantage by providing securityprocessors which are simpler to manufacture.

The invention therefore relates to a security processor comprising atleast one rewritable lock whose value can be toggled between at least afirst and a second value in response to an EMM message, and aregistration module which is capable of authorising and alternativelyprohibiting the registration of new access entitlements depending uponthe value of the lock in response to the same EMM message for theregistration of new access entitlements.

The invention also relates to a security processor comprising at leastone rewritable lock whose value can be toggled between at least a firstand a second value in response to an EMM message, and a registrationmodule which is capable of authorising and alternatively prohibiting theregistration of new cryptographic keys, depending upon the value of thelock, in response to an EMM message for the registration of a newcryptographic key.

In the above security processors, by adjusting the lock value the samesecurity processor can be configured to operate either as a disposablesecurity processor or as a standard security processor, for example.Furthermore, as the lock value can be amended through an EMM message,this configuration no longer needs to be provided during the stage ofmanufacturing the security processor. For example, a security processorcan be configured as a disposable security processor or as a standardsecurity processor during a stage of personalising the securityprocessor, or even during a stage when the security processor is used ina subscriber's decoder.

Hence the manufacture of a security processor which is intended tooperate as a standard security processor is identical to that of asecurity processor intended to operate as a disposable securityprocessor. This simplifies the manufacture of the security processors.

It also makes it possible to offer new methods of operation. For exampleit is conceivable that a security processor operating as a disposablesecurity processor could be marketed and then if the user of thatsecurity processor took out a subscription to convert the operation ofthat security processor so that it then operated as a standard securityprocessor.

The manner in which security processors are manufactured could compriseone or more of the following features:

-   -   the processor comprises a write module capable of toggling the        lock value from the first value to the second value in response        to an EMM message and to prevent toggling of the lock value from        the second value to the first value whatever subsequent EMM        messages are received,    -   the processor comprises a write module capable of toggling the        lock value from the first value to the second value in response        to an EMM message only if the current date present in the EMM        message is earlier than a limiting activation date registered in        the security processor,    -   the processor comprises a security self-destruct module in such        a way as to render it permanently unusable with all available        decoders and in which a unit for the processing of ECM or EMM        messages can compare the current date present in an ECM or EMM        message received on an absolute expiry date placed in memory in        the security processor and automatically activate the        self-destruct module only if the present date is subsequent to        the absolute expiry date.

The methods of manufacturing security processors also have the followingadvantages:

-   -   use of a lock write module to prevent toggling of the value of        that lock regardless of the EMM message received renders        amendment of the operation of the registration module        irreversible,    -   use of a write module for the lock value authorising amendment        of that value taking into account the limiting activation date        renders amendment of the operation of the registration module        impossible after the limiting activation date,    -   use of the present date included in an ECM or EMM message        received to activate destruction of the security processor makes        it possible to avoid having to resort to the sending of a        specific instruction for initiating destruction of the security        processor.

The invention also relates to a process for the registration of accessentitlements in the above security processors, this process comprising astage of authorising and alternatively a stage of prohibiting suchregistration of new access entitlements depending upon the value of thelock.

The invention also relates to a process for the registration ofcryptographic keys in the security processor, this process comprising astage of authorising and alternatively a stage of prohibiting suchregistration of new cryptographic keys depending upon the value of thelock.

The invention will be better understood from a reading of the followingdescription provided purely by way of a non-limiting example withreference to the drawings, in which:

FIG. 1 is a diagrammatical illustration of the architecture of a systemfor the transmission of scrambled multimedia signals,

FIGS. 2A and 2B are a flow chart for a process for the registration ofaccess entitlements and/or cryptographic keys in a security processor ofthe system in FIG. 1.

FIG. 1 shows a system 2 for the transmission of scrambled multimediasignals. The multimedia signals are, for example, audiovisual signalscorresponding to television channel audiovisual programmes.

In the rest of this description features and functions which are wellknown to those skilled in the art will not be described in detail.

System 2 comprises a transmitter 4 for multimedia signals scrambledusing a control word CW intended for a large number of receivers,through an information transmission system 6.

To simplify FIG. 1, only one receiver 8 is shown.

System 6 is, for example, a hertzien system such as illustrated here ora long distance cable system.

Transmitter 4 can send ECM messages and EMM messages simultaneously withscrambled multimedia signals.

FIG. 1 shows an example of part of the structure of an ECM message 12and an EMM message 14.

Here each ECM message comprises:

-   -   a cryptogram CW* of the control word CW used to scramble the        multimedia signals,    -   access conditions 16 for the scrambled multimedia signals, and    -   means 18 for authenticating the ECM message.

Access conditions 16 include for example an identifier 20 of the contentof the multimedia signals scrambled with the control word CW, and afield 22 containing the current date. This current date is generated bytransmitter 4.

Means 18 comprises for example a cryptographic signature or acryptographic redundancy produced by transmitter 4.

Each EMM message further comprises:

-   -   an identifier 26 for a security processor or a group of security        processors for which the EMM message is intended,    -   a field 28 containing the current date generated by transmitter        4,    -   a field 30 containing instructions for updating cryptographic        keys and/or access entitlements, and    -   means 32 for authenticating the EMM message.

Means 32 is, for example, identical to means 18.

In the special case of an EMM message for the registration of new accessentitlements, field 30 includes instructions for amending the accessentitlements already registered in a security processor or for addingnew access entitlements.

In the case of an EMM message for the registration of new cryptographickeys, field 30 includes instructions through which cryptographic keysalready registered in the security processor can be amended, or new onescan be added.

Receiver 8 is able to receive scrambled multimedia signals as well asECM and EMM messages. For this purpose receiver 8 comprises a decoder 40associated with a security processor 42. Processor 42 is typically aremovable processor such as a smart card which can be inserted intodecoder 40. Processor 42 communicates with decoder 40 through aprocessor/decoder interface. Typically the interface compriseselectrical connectors, each connector having a male and a female member,each forming an integral part of either the decoder or the processor.The interface between decoder 40 and processor 42 complies for examplewith standard ISO 7816.

Decoder 40 is here fitted with an antenna 44 for receiving the varioussignals broadcast by transmitter 4. This antenna 44 is connected to ablock 46 for demultiplexing the signals and, if appropriate, filteringthe signals. At the output from this block 46 scrambled multimediasignals are passed to an unscrambler 48. The EMM and ECM messages arepassed to processor 42.

Unscrambler 48 can unscramble multimedia signals which have beenscrambled using the control word CW decoded by processor 42.

Decoder 40 is connected to a device 50 which displays unscrambledmultimedia signals such as, for example a television set.

Processor 42 is provided with:

-   -   a non-volatile rewritable memory 54 in which access entitlements        are registered,    -   a non-volatile rewritable memory 56 in which cryptographic keys        are registered,    -   a ROM memory (Read Only Memory) 58 intended to contain the        various program instructions executed by processor 42, and    -   three rewritable locks 62 to 64.

Examples of access entitlements present in memory 54 will be providedwith reference to the description of FIG. 2.

To simplify FIG. 1, only one cryptographic key, here referred to as theoperating key 70, is illustrated as being registered in memory 56.Operating key 70 is intended to decode the control word CW as receivedin the ECM message before it is transmitted to unscrambler 48.

Locks 62 to 64 are for example predetermined zones in a non-volatilerewritable memory 74.

Locks 62 to 64 each place one value in memory. Here the value of each ofthese locks can only be toggled between a first value, in this casezero, and a second value, in this case unity, in response to receivingan EMM message for explicitly writing the corresponding lot or as aconsequence of the processing of an EMM message. Locks 62 to 64 existindependently of the access entitlements and the cryptographic keyswhich already have been or will be registered in the memories of thesecurity processor.

When the value of lock 62 is equal to unity, this means that processor42 operates as a disposable security processor, that is to say no newaccess entitlement can be registered in memory 54 and no newcryptographic key can be registered in memory 56. Furthermore, among allthe possible functions of an EMM message, processor 42 is only able toprocess a small number of the functions of this EMM message, such as theinvalidation or deletion of data or the management of a confidentialuser code.

When the value of lock 63 is equal to unity this means that a stage ofpersonalisation of the security processor has been completed. Thepersonalisation stage is described in greater detail with reference toFIG. 2. When the value of this lock 63 is equal to zero, this means thatthe security processor has not yet been personalised.

When the value of lock 64 is equal to zero, this means that processor 42operates as a standard security processor, that is to say it is possibleto register new access entitlements in memory 54 and that it is alsopossible to register new cryptographic keys in memory 56.

When the value of lock 64 is equal to unity, this means that processor42 operates like a security processor which is referred to as being“activatable”. An activatable security processor initially operates inthe same way as a disposable security processor. Among all the possiblefunctions of an EMM message, processor 42 is only able to process asmall number of the functions of an EMM message. However, unlike adisposable security processor, this security processor cannot beconverted into a standard security processor in response to an EMMmessage.

Processor 42 also comprises a unit 76 for the processing of ECM messagesreceived and a unit 78 for the processing of EMM messages received.

Unit 76 also comprises:

-   -   a comparator 80 for comparing the access conditions present in        the ECM message received with the access entitlements placed in        memory in memory 54 in order to determine whether unscrambling        of the multimedia signals should be authorised or conversely        inhibited,    -   a module 82 for decoding the cryptogram CW* in order to obtain        control word CW using operating key 70.

Unit 76 is connected to memories 54, 56 and 74.

Unit 78 comprises in particular:

-   -   a module 88 for writing to lock 62,    -   a module 89 for writing to lock 64,    -   a module 90 for writing to lock 63,    -   a module 94 for the registration of new access entitlements in        memory 54 in response to the receipt of an EMM message for a        registration of new access entitlements, and    -   a module 96 for the registration of new cryptographic keys in        memory 56 in response to the receipt of an EMM message for the        registration of new cryptographic keys.

Unit 78 is connected to memories 54, 56 and 74.

Finally, processor 42 comprises a module 100 for the self-destruction ofprocessor 42. This module 100 is capable of rendering processor 42permanently unusable. For this purpose, for example, module 100 candelete the contents of all the rewritable memories and in particulardelete the data which enable processor 42 to operate. Module 100 mayalso make use of an internal function in processor 42 which makes itpossible to change or delete the primary cryptographic key which is usedto decode the executable code recorded in memory 58.

Typically units 76 and 78 are constructed using a programmableelectronic calculator capable of executing program instructions recordedin ROM memory 58. For this purpose memory 58 in particular includesinstructions for executing the process in FIGS. 2A and 2B when theseinstructions are executed by the programmable calculator.

The operation of receiver 8 will now be described with the help of FIGS.2A and 2B in the particular case of processor 42 and decoder 40.

Initially, in the course of a stage 120, processor 42 is manufactured.In the course of this stage 120 the instructions necessary for executionof this process are registered in memory 58. The default value of locks62 to 64 is zero. Memories 54 and 56 are clean.

Once manufactured, processor 42 is personalised during the stage 122, bya reliable authority. This stage 122 essentially comprises registeringthe information required for marketing it and its operation in a decoderin the various rewritable memories of processor 42.

For example, here in the course of stage 122, in a stage 124, a slidingright is recorded as an access entitlement in memory 54. A sliding rightis an access entitlement of the subscription type, permitting access toparticular programmes during a particular period for which it is valid.Unlike a standard subscription right, referred to as a fixed right, asliding right does not include a validity period specified by anexplicit start date and an explicit end date (or duration). Conversely,when the first access condition which can be satisfied by the slidingright is processed by processor 42, the latter is automaticallyconverted by processor 42 into a fixed right whose validity period hasthe date of receipt of this first access condition as the start date anda calculated date DFDF (End Date for the Fixed Right) for the end date,which is equal to the date of receipt increased by a number NBDAY (orfor a period NBDAY). The sliding right is characterised by the followinginformation:

-   -   the number NBDAY of days defining a period during which        processor 42 may be used to unscramble multimedia signals from        the operator of transmitter 4,    -   an identifier for the audiovisual programmes or group of        audiovisual programmes which can be unscrambled by that sliding        right,    -   a date DPDG (Expiry Date for the Sliding Right) beyond which        processor 42 cannot anymore convert the sliding right into a        fixed right.

If appropriate, in the situation where processor 42 is configured tooperate as an activatable security processor, a period DA (ActivationPeriod) is registered in memory 54. This period DA defines the periodduring which processor 42 can be activated in order to pass from anoperating mode in which it operates as a disposable security processorto a new operating mode in which the processor operates as a standardsecurity processor. More specifically, when the sliding right isconverted into a fixed right, the processor calculates a date DLA(Limiting Activation Date) equal to date DFDF incremented by period DA.As long as this calculation has not been performed, date DLA has adefault value corresponding to a very old date such as Jan. 1, 1900 inorder to prohibit activation.

In a stage 124 an operating key is also registered in memory 56. Thisoperating key is for example known by all the decoders from the sameoperator.

Then in a stage 126 parameters specific to the operator of transmitter 4are registered in the rewritable memories. In particular one of theparameters is the date DPA (Absolute Expiry Date) after which processor42 should destroy itself.

During the next stage 128 EMM messages writing locks 62 and 64 are sentto processor 42 to toggle, if necessary, the values of locks 62 and 64.Typically, in stage 128, these write messages are processed by writemodules 88 and 89. Here these EMM write messages sent during thepersonalisation stage make it possible to configure processor 42 so thatit operates as a disposable security processor (value of lock 62 equalto unity) or as an activatable security processor (value of lock 62equal to zero and value of lock 64 equal to unity) or again as astandard security processor (value of lock 62 equal to zero and value oflock 64 equal to zero). The combination of the two locks 62 and 64 beingequal to unity is furthermore prohibited, because by definition adisposable processor cannot be activated.

Once the values of locks 62 and 64 have been placed in memory then in astage 130 an EMM message writing lock 63 is sent to processor 42. Thismessage is then processed by write module 90 so that the value of“unity” is stored in memory in lock 63, indicating that processor 42 hasbeen personalised.

From then on, whatever subsequent EMM messages are received, the valuesof locks 62 and 63 can no longer be changed. For this purpose, forexample, modules 88 and 90 enable writing in locks 62 and 63 only if thevalue of lock 63 is other than unity, that is to say if processor 42 hasnot been personalised.

Also from that time the value of lock 64 can only be toggled to thevalue zero. For example, to prevent the value of this lock being toggledto the value of unity module 89 checks the value of lock 63 beforeperforming such a writing operation and prohibits the value of “unity”being written in that lock if the value of lock 63 is equal to unity,that is to say if processor 42 has been personalised.

Once stage 122 is complete, personalised processor 42 is temporarilystored with an operator or with a distributor prior to being attributedto a subscriber. Then a stage 136 of using processor 42 in decoder 40begins.

More specifically, in a stage 140 processor 42 is inserted in decoder40.

Unit 76 then executes a procedure 142 processing ECM messages and inparallel unit 78 executes a procedure 144 processing EMM messages forthe registration of new access entitlements and/or new cryptographickeys as well as a procedure 145 of processing other EMM messages.

In procedure 142, in a stage 146, unit 78 receives an ECM message.

Then in the course of a stage 148 unit 76 checks whether the currentdate 22 is equal to or later than date DPA. If this is the case,self-destruct module 100 is activated in a stage 150. Thus in stage 150processor 42 is rendered permanently unusable in any decoder into whichit might be inserted.

If the current date present in the ECM message processed is still notyet later than date DPA, unit 76 checks in a stage 152 whether theaccess conditions 16 associated with identifier 20 can be satisfied bythe sliding right registered in memory 54 of processor 42. If this isthe case unit 76 proceeds to a stage 154 in which it checks that thecurrent date 22 present in the ECM message processed is earlier than thedate DPDG of the sliding right registered in memory 54 during thepersonalisation stage.

If the current date of the ECM message processed is earlier than dateDPDG, then in a stage 156 the sliding right is converted into a fixedright whose start date is the current date 22, and whose end date DFDF(end date for fixed rights) is calculated by adding to the current datethe number of days NBDAY registered in memory 54 in stage 122, and forwhich the program identifier is the identifier registered in memory 54during stage 122. After its conversion into a fixed right, the slidingright ceases to exist in memory 54.

Furthermore, if the values of locks 62 and 64 are equal to zero and onerespectively, that is to say it is an activatable processor, then unit76 also calculates the DLA date (limiting activation date) and registersit in memory 54.

Then, in a stage 158, unit 76 determines whether the current date 22 inthe ECM message is later than date DFDF. If this is the case,unscrambling of the multimedia signals is inhibited in a stage 164. Forexample, in stage 164 module 82 is disabled so that the cryptogram CW*is not decoded, which makes it impossible to unscramble multimediasignals.

If this is not the case, unit 76 authorises unscrambling of themultimedia signals in a stage 160. More specifically, in stage 160module 82 decodes cryptogram CW* using operating key 70 to obtain thecontrol word CW which it transmits to unscrambler 48. In order tounscramble the scrambled multimedia signals unscrambler 48 unscramblesthe scrambled multimedia signals using control word CW beforetransmitting them to device 50 for normal display.

If in the course of stage 152 unit 76 establishes that the accessconditions present in the ECM message received are not satisfactory forthe sliding right (for example because there is no longer any slidingright in memory 54), then unit 76 proceeds to a stage 162 in which itchecks whether the access conditions can be satisfied by another rightregistered in memory 54.

If this is the case, unit 76 authorises unscrambling of the multimediasignals, and proceeds to stage 160 described above.

If this is not the case, unscrambling of the scrambled multimediasignals is inhibited, and it proceeds to stage 164 described below.

On completion of stage 160 or stage 164 the process returns to stage 146to receive and process the next ECM message.

In parallel, at the start of procedure 144, during a stage 176, unit 78receives an EMM message for the registration of new access entitlements.Then during a stage 178 unit 78 checks whether the current date 28 isequal to or later than date DPA. If this is the case, self-destructmodule 100 is activated in a stage 180. Thus during stage 180 processor42 is rendered permanently unusable in any decoder into which it can beinserted.

If the current date present in the EMM message processed is not laterthan date DPA, module 94 then checks in stage 182 whether processor 42should operate as a disposable security processor. In order to do thismodule 94 checks whether the value of lock 62 is equal to unity in astage 182. If this is the case, module 94 prevents the writing of newaccess entitlements in a stage 184. For example, in stage 184 the EMMmessage received is not processed, so that no new access entitlement isregistered in memory 54.

If this is not the case, then during a stage 186 module 94 tests whetherthe value of lock 64 is equal to zero. If this is the case it means thatprocessor 42 should operate as a standard security processor and in astage 188 module 94 authorises the registration of new accessentitlements. Typically, in stage 188 module 94 registers the new accessentitlements included in the EMM message received in memory 54.

In the case where the value of lock 64 is equal to unity, on completionof stage 186 module 89 checks in a stage 190 that the current datepresent in the EMM message received is earlier than the date DLA. Ifthis is the case module 89 toggles the value of lock 64 from the valueof unity to the value of zero in a stage 192, which means that processor42 will henceforth operate as a standard processor.

On completion of stage 192, procedure 144 continues with the executionof stage 188.

If in the course of stage 190 module 89 establishes that the EMM messagefor the registration of new rights has been received after date DLA,then it proceeds to stage 184 and the EMM message received is notprocessed, so that no new access entitlement is registered in memory 54.

Thus, through the above process for the registration of rights duringthe personalisation stage processor 42 can be personalised as being adisposable security processor. In this operating mode processor 42 mustbe inserted into a decoder prior to date DPDG. Then, once inserted inthe decoder, processor 42 makes it possible to unscramble the scrambledmultimedia signals only during the period NBDAY. At the end of thisperiod processor 42 cannot be converted into a standard securityprocessor and cannot therefore further be used.

During personalisation stage 122 processor 42 can also be personalisedto operate as an activatable security processor. In this situation,after being first inserted in decoder 40 prior to date DPDG processor 42operates like a disposable processor. However, unlike a disposablesecurity processor, it can be converted into a standard securityprocessor prior to date DLA by toggling the value of lock 64 to thevalue zero.

Finally, processor 42 can also be configured in the course of stage 122to operate as a standard security processor as soon as it comes intoservice, when new access entitlements can be freely registered.

The procedure in FIG. 2A also applies to the processing of a keyregistration EMM. In this case:

-   -   during stage 176 processor 42 receives a key registration EMM,    -   in stage 188 processor 42 proceeds to register the new value of        operating key 70 in memory 56    -   in stage 184 processor 42 performs no key registration    -   module 94 is replaced by module 96.

Processor 42 executes procedure 145 to process an EMM other than anaccess entitlement or key registration EMM.

At the start of procedure 145, during a stage 294, unit 78 receives thisEMM message which is neither a message for the registration of newaccess entitlements nor a message for the registration of cryptographickeys. Then in a stage 296 it checks that the current date present inthis EMM message is earlier than date DPA. If this is not the case unit78 activates self-destruct module 100 in a stage 298. This stage 298 is,for example, identical to stage 180.

If it is the case, then during the stage 302 unit 78 checks whether thesecurity processor is a disposable processor. During this stage 302 unit78 therefore checks that the value of lock 62 is equal to unity.

If processor 42 is not a disposable processor, then in a stage 304 unit78 checks whether processor 42 is an activatable processor. Unit 78therefore checks whether the value of lock 64 is equal to unity in thecourse of stage 304.

If this is the case, unit 78 proceeds to a stage 306 during which itchecks that the current date present in the EMM message processed isearlier than date DLA. If this is the case the activatable processor isconverted into a standard processor in a stage 308. More specifically,in stage 308 module 89 causes the value of lock 64 to toggle from thevalue of unity to the value of zero. This stage 308 is, for example,identical to stage 192.

On completion of stage 308, the EMM message received is processed in astage 310.

If during stage 302 it is established that the processor is a disposableprocessor, then unit 78 proceeds to a stage 312 in the course of whichunit 78 checks whether the processing requested in the EMM message isone of the processing operations authorised for a disposable securityprocessor. If this is the case, unit 78 then proceeds to stage 310. Ifnot, the EMM message received is not processed and the procedure returnsto stage 294.

If during stage 304 unit 78 establishes that the processor is not anactivatable processor, that is to say it is therefore a standardsecurity processor, unit 78 then proceeds directly to stage 310.

If in the course of stage 306 unit 78 establishes that the current datein the EMM message received is later than date DLA, it then proceeds toa stage 314 in which it determines whether the processing operationrequested in the EMM message received is one of the processingoperations authorised for an activatable security processor. If this isthe case unit 78 then proceeds to stage 310. If not, unit 78 returns tostage 194 without processing the EMM message received.

Once stage 310 is complete, procedure 145 returns to stage 294 toreceive and process another EMM message.

Many other embodiments are possible. In particular the description abovehas been provided in the special case where the locks are used toconfigure processor 42, either to operate as a disposable securityprocessor, or as an activatable security processor, or as a standardsecurity processor. Other modes of operation may be defined, and thesemay result in the addition or the elimination of locks such as locks 62and 64.

Procedure 144 can be modified so that it processes only EMM messages forthe registration of new access entitlements or only EMM messages for theregistration of new keys. In this case the EMM messages which are nolonger processed by procedure 144 are processed by procedure 145. Thismakes it possible to simplify the architecture of processor 42. Forexample, module 96 or module 94 may be omitted as appropriate.

Here, processor 42 and the procedure in FIGS. 2A and 2B have beendescribed in the special case in which the EMM message which makes itpossible to toggle the value of lock 64 to the value zero is the firstEMM message addressed to and received by processor 42, regardless of itsfunction.

In a variant, only particular types of EMM messages such as an EMMmessage for the registration of access entitlements or the registrationof cryptographic keys make it possible to activate processor 42. Stage306 in FIG. 2B then also includes a check that the type of EMM messagecan give rise to activation of processor 42. This for example makes itpossible to prevent activating processor 42 when the operator sends itan EMM message for reinitialising a confidential user code.

In another variant, transmitter 4 sends processor 42 a specificactivation EMM message in response to which module 89 toggles the valueof lock 64 to the value zero. This specific activation EMM message doesnot include any new access entitlement or any new cryptographic key and,for example only, makes it possible to configure process 42 so that thisoperates as a standard security processor. From then on, from the momentwhen the value of lock 64 is toggled to the value zero, new accessentitlements or keys can be registered in memory 54 in a manner similarto that described in the special case where in stage 122 processor 42 isdirectly configured to operate as a standard security processor.

Furthermore, regardless of the means of activation such as that above,activation may include the additional condition that the sliding rightshould have reached the end of its validity. In this case, in stages 190and 306 unit 78 not only checks that the current date present in the EMMmessage is earlier than the activation limiting date DLA but also thatthe current date is later than the date DFDF for the end of the fixedright arising from the sliding right, if present.

In the example described above, during personalisation stage 122different data such as the sliding right or the initial values of locks62 to 64 are registered in processor 42 using EMM messages. Thestructure of these EMM messages, in particular during thepersonalisation stage, may differ from that described here by way ofexample. In particular, as a variant, the EMM messages used during thepersonalisation stage may include low level instructions which aredirectly executable by processor 42. However, whatever the structure ofthe EMM message used to alter the value of the locks, the latter isalways received through the processor/decoder interface.

In the example described above the self-destruct condition of processor42 through comparing date 22, 28 present in the message processed withdate DPA is checked for ECM messages and EMM messages. As a variant,this self-destruct condition may be limited to ECM messages only, thatis to say only when processor 42 is used to effectively access acontent. This makes it possible to simplify the program of processor 42.

In another variant the self-destruct condition may be extended tocomparison of the date present in the ECM or EMM message and date DLA,when present, self-destruction being initiated if date DLA up to whichprocessor 42 can be activated has been passed.

The invention claimed is:
 1. A security processor for a decoder ofmultimedia signals scrambled using a control word and which isconfigurable to have an operating mode as either a disposable orstandard security processor, the processor comprising: a decoder capableof decoding the control word present in an ECM message (EntitlementControl Message) to allow the scrambled multimedia signals to beunscrambled, a rewritable non-volatile memory containing accessentitlements, a comparator capable of comparing the access conditionspresent in the ECM message received with the access entitlements placedin the rewritable non-volatile memory and to prevent unscrambling of themultimedia signals if the access entitlements do not correspond to theaccess conditions received and to authorize unscrambling of thescrambled multimedia signals if the access entitlements in therewritable non-volatile memory correspond to the access conditionsreceived, a register for the registration of new access entitlements inthe rewritable non-volatile memory in response to the receipt of an EMMmessage (Entitlement Management Message) for the registration of newaccess entitlements, and at least one rewritable lock whose value can betoggled between at least a first and a second value in response to anEMM message, and wherein the register is able to authorise andalternatively prohibit this registration of new access entitlements,depending upon the value of the rewritable lock, and in response to agiven EMM message for the registration of new access entitlements,configuring an operating mode of the security processor as one of: adisposable security processor or a standard security processor.
 2. Asecurity processor according to claim 1, in which the register is ableto authorise and alternatively prohibit the registration of a new accessentitlement depending upon the value of the rewritable lock, withoutpreventing the use of other access entitlements already registered inthe rewritable non-volatile memory in response to a given EMM messagefor the registration of a new access entitlement.
 3. A securityprocessor for a decoder of multimedia signals scrambled using a controlword and which is configurable to have an operating mode as either adisposable or standard security processor, this processor comprising: adecoder capable of decoding the control word present in an ECM message(Entitlement Control Message) to enable scrambled multimedia signals tobe unscrambled, a rewritable non-volatile memory containingcryptographic keys, a register for the registration of new cryptographickeys in the rewritable non-volatile memory in response to the receipt ofan EMM message (Entitlement Management Message) for the registration ofnew cryptographic keys, and at least one rewritable lock whose value canbe toggled between at least a first and a second value in response to anEMM message, and wherein the register is capable of authorizing andalternatively prohibiting such registration of new cryptographic keysdepending upon the value of the rewritable lock, and in response to anEMM message for the registration of a new cryptographic key, configuringan operating mode of the security processor as one of: a disposablesecurity processor or a standard security processor.
 4. A securityprocessor according to claim 3, in which an encryptor is able toauthorize and alternatively prohibit the encryption of a newcryptographic key, depending upon the value of the rewritable lock,without preventing the use of cryptographic keys already registered inthe rewritable non-volatile memory, in response to a given EMM messagefor the registration of a new cryptographic key.
 5. A security processoraccording to claim 1, in which the processor comprises a writer totoggle the value of the rewritable lock from the first value to thesecond value in response to an EMM message and prevent toggling of thevalue of the rewritable lock from the second value to the first valueregardless of subsequent EMM messages received.
 6. A security processoraccording to claim 1 in which the processor comprises a writer to togglethe value of the rewritable lock from the first value to the secondvalue in response to an EMM message only if the current date present inthe EMM message is earlier than an activation limiting date registeredin the security processor.
 7. A security processor according to claim 1,in which the security processor comprises a destructor forself-destruction of the security processor to render it permanentlyunusable with all the decoders available and in which a unit for theprocessing of ECM or EMM messages is able to compare the current datepresent in an ECM or EMM message received with an absolute expiry dateplaced in memory in the security processor and to automatically activatethe destructor only if the current date is later than the absoluteexpiry date.
 8. A register for the registration of access entitlementsin a security processor according to claim 1 in response to an EMMmessage for the registration of new access entitlements, characterizedin that the process comprises a stage of authorizing the registration ofnew access entitlements depending on the value of the rewritable lock,or alternatively a stage preventing it.
 9. A register for theregistration of new cryptographic keys in a security processor accordingto claim 3 in response to an EMM message for the registration of newcryptographic keys, characterised in that the process comprises a stagefor authorizing this registration of new cryptographic keys, dependingupon the value of the rewritable lock, and alternatively a stage ofpreventing it.
 10. A security processor according to claim 3, in whichthe processor comprises a writer to toggle the value of the rewritablelock from the first value to the second value in response to an EMMmessage and prevent toggling of the value of the rewritable lock fromthe second value to the first value regardless of subsequent EMMmessages received.
 11. A security processor according to claim 3 inwhich the processor comprises a writer to toggle the value of therewritable lock from the first value to the second value in response toan EMM message only if the current date present in the EMM message isearlier than an activation limiting date registered in the securityprocessor.
 12. A security processor according to claim 3, in which theprocessor comprises a destructor for self-destruction of the securityprocessor to render it permanently unusable with all the decodersavailable and in which a unit for the processing of ECM or EMM messagesis able to compare the current date present in an ECM or EMM messagereceived with an absolute expiry date placed in memory in the securityprocessor and to automatically activate the destructor only if thecurrent date is later than the absolute expiry date.
 13. A register forthe registration of access entitlements in a security processoraccording to claim 5 in response to an EMM message for the registrationof new access entitlements, characterized in that the process comprisesa stage of authorizing the registration of new access entitlementsdepending on the value of the rewritable lock, or alternatively a stagepreventing it.
 14. A security processor according to claim 1, in whichthe processor comprises a plurality of rewritable locks, each of whichhave a value that can be toggled between at least a first and a secondvalue in response to an EMM message, wherein some combinations of valuesof the respective rewritable locks are prohibited.
 15. A securityprocessor according to claim 3, in which the processor comprises aplurality of rewritable locks, each of which have a value that can betoggled between at least a first and a second value in response to anEMM message, wherein some combinations of values of the respectiverewritable locks are prohibited.